Obtain OAuth 2.0 and OpenID Connect Metadata
Alias
AsMetadataReading
Description
Provides the information required for interacting with the TRIDENT OAuth 2.0 authorization servers, which can also act as OpenID Providers. Specifically, it provides information on these servers' capabilities and their endpoints' URLs.
Request
The applications must send one of the following requests to the TRIDENT:
GET /trustedx-authserver/oauth/.well-known/openid-configuration
GET /trustedx-authserver/oauth/.well-known/oauth-authorization-server
Response
Status-Line
If the metadata is successfully obtained, the HTTP response will contain the following Status-Line (see Status of the HTTP Responses for all possible cases):
HTTP/1.1 200 OK
Content-Type Header
Content-Type: application/json;charset=UTF-8
Body
JSON object with the following structure:
{
  "issuer": {string},
  "authorization_endpoint": {string},
  "token_endpoint": {string},
  "revocation_endpoint": {string},
  "introspection_endpoint": {string},
  "registration_endpoint": {string},
  "userinfo_endpoint": {string},
  "jwks_uri": {string},
  "end_session_endpoint": {string},
  "scopes_supported": [{string}],
  "response_types_supported": {string},
  "grant_types_supported": [{string}],
  "token_endpoint_auth_methods_supported": [{string}],
  "revocation_endpoint_auth_methods_supported": [{string}],
  "introspection_endpoint_auth_methods_supported": [{string}],
  "acr_values_supported": [{string}],
  "subject_types_supported": {string},
  "id_token_signing_alg_values_supported": {string},
  "claims_supported": [{string}],
  "request_uri_parameter_supported": {boolean},
  "pushed_authorization_request_endpoint": {string},
  "code_challenge_methods_supported": {string},
  "require_pushed_authorization_requests": {boolean}
}
| Property | Description |
|---|---|
| issuer | Token issuer. This value is fixed and is the base URL of the TRIDENT authorization server plus the /oauth suffix. |
| authorization_endpoint | Authorization endpoint of the TRIDENT authorization servers. |
| token_endpoint | Endpoint for obtaining the access and ID tokens of the TRIDENT authorization servers. |
| revocation_endpoint | Endpoint for revoking the access and ID tokens of the TRIDENT authorization servers. |
| introspection_endpoint | Endpoint for verifying the access and ID tokens generated by the TRIDENT authorization servers. |
| registration_endpoint | Endpoint for registering client applications in TRIDENT. |
| userinfo_endpoint | Endpoint for obtaining information (claims) on the identity of an authenticated user. |
| jwks_uri | Endpoint for obtaining the public signing keys of the TRIDENT authorization servers. |
| end_session_endpoint | Endpoint for ending the user sessions created in TRIDENT for authenticating users during the OAuth 2.0 authorization flows. |
| scopes_supported | Scopes supported by the TRIDENT authorization servers. |
| response_types_supported | response_type values supported by the authorization endpoint of the TRIDENT authorization servers. This property always has the "code" value. |
| grant_types_supported | grant_type values supported by the endpoint of the TRIDENT authorization servers for issuing the access and ID tokens. This list can only contain the values "authorization_code" and "client_credentials_grant". |
| token_endpoint_auth_methods_supported | Authentication methods supported by the endpoint of the TRIDENT authorization servers for issuing access and ID tokens. |
| revocation_endpoint_auth_methods_supported | Authentication methods supported by the endpoint for revoking access and ID tokens generated by the TRIDENT authorization servers. |
| introspection_endpoint_auth_methods_supported | Authentication methods supported by the endpoint for verifying access and ID tokens generated by the TRIDENT authorization servers. |
| acr_values_supported | Authentication levels in URN format supported by the TRIDENT authorization servers. |
| subject_types_supported | Subject types supported by the sub property of the ID tokens generated by the TRIDENT authorization servers. This property always has the "public" value. |
| id_token_signing_alg_values_supported | Signature algorithms supported for signing the ID tokens generated by the TRIDENT authorization servers. This property is only present if one TRIDENT authorization server acts as an OpenID Provider. It always has the "RS256" value. |
| claims_supported | Claims that the ID tokens generated by the TRIDENT authorization servers can contain. |
| request_uri_parameter_supported | Specifies if the TRIDENT authorization servers support the inclusion of the request_uri parameter in the authorization requests. This property always has the true value. |
| pushed_authorization_request_endpoint | Endpoint for sending pushed authorization requests to the TRIDENT authorization servers (see [RFC 9126]). |
| code_challenge_methods_supported | Methods supported by the TRIDENT authorization servers for deriving a challenge code from a code verifier (see [RFC 7636]). This property always has the "S256" value. |
| require_pushed_authorization_requests | Specifies if all TRIDENT authorization servers require that the applications directly send them the authorization requests (pushed authorization requests) before the browsers of the users that must grant the authorization do so (see [RFC 9126]). |
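An added example, not TRIDENT's or this page's own code: a client-side check that a fetched metadata document carries the fixed values stated in the property descriptions above before any endpoint in it is used. The host name, endpoint paths, function names and the HTTPS/same-host policy are assumptions, and both sample documents are constructed.

```python
from urllib.parse import urlsplit

# Properties from the table above whose values are URLs.
URL_KEYS = ("authorization_endpoint", "token_endpoint", "revocation_endpoint",
            "introspection_endpoint", "registration_endpoint", "userinfo_endpoint",
            "jwks_uri", "end_session_endpoint", "pushed_authorization_request_endpoint")

def as_list(value):
    # The structure above types some *_supported values as a plain string; accept both.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def check_metadata(base_url, meta):
    """Return the names of failing properties; empty means every check passed."""
    problems = []
    issuer = base_url.rstrip("/") + "/oauth"  # fixed value: base URL plus /oauth
    if meta.get("issuer") != issuer:
        problems.append("issuer")
    host = urlsplit(issuer).netloc
    for key in URL_KEYS:
        if key in meta:
            url = urlsplit(str(meta[key]))
            # Assumption (client policy): HTTPS only, same host as the issuer.
            if url.scheme != "https" or url.netloc != host:
                problems.append(key)
    if "code" not in as_list(meta.get("response_types_supported")):
        problems.append("response_types_supported")
    if "S256" not in as_list(meta.get("code_challenge_methods_supported")):
        problems.append("code_challenge_methods_supported")
    algs = as_list(meta.get("id_token_signing_alg_values_supported"))
    if algs and algs != ["RS256"]:  # optional property; only RS256 is expected
        problems.append("id_token_signing_alg_values_supported")
    return problems

def must_use_par(meta):
    # Only a JSON true counts; the string "true" does not.
    return meta.get("require_pushed_authorization_requests") is True

# Constructed sample documents (hypothetical host and paths, not real TRIDENT output).
BASE = "https://as.example.test/trustedx-authserver"
GOOD = {"issuer": BASE + "/oauth", "jwks_uri": BASE + "/oauth/keys",
        "authorization_endpoint": BASE + "/oauth/authorize",
        "token_endpoint": BASE + "/oauth/token",
        "response_types_supported": "code", "code_challenge_methods_supported": "S256",
        "id_token_signing_alg_values_supported": "RS256",
        "require_pushed_authorization_requests": True}
BAD = dict(GOOD, issuer="https://other.example.test/oauth",
           token_endpoint="http://as.example.test/trustedx-authserver/oauth/token",
           code_challenge_methods_supported=["plain"])
```

A client would call `check_metadata` on the parsed JSON body of either GET request and refuse to continue on a non-empty result, then use `must_use_par` to decide whether the authorization request has to go to the pushed authorization request endpoint first.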